TY - JOUR
T1 - CryptCloud
T2 - Secure and Expressive Data Access Control for Cloud Storage
AU - Ning, Jianting
AU - Cao, Zhenfu
AU - Dong, Xiaolei
AU - Liang, Kaitai
AU - Wei, Lifei
AU - Choo, Kim Kwang Raymond
N1 - Publisher Copyright: © 2008-2012 IEEE.
PY - 2021/1/1
Y1 - 2021/1/1
N2 - Secure cloud storage, which is an emerging cloud service, is designed to protect the confidentiality of outsourced data but also to provide flexible data access for cloud users whose data is out of physical control. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is regarded as one of the most promising techniques that may be leveraged to secure the guarantee of the service. However, the use of CP-ABE may yield an inevitable security breach which is known as the misuse of access credential (i.e., decryption rights), due to the intrinsic 'all-or-nothing' decryption feature of CP-ABE. In this paper, we investigate the two main cases of access credential misuse: one is on the semi-trusted authority side, and the other is on the side of cloud user. To mitigate the misuse, we propose the first accountable authority and revocable CP-ABE based cloud storage system with white-box traceability and auditing, referred to as CryptCloud++. We also present the security analysis and further demonstrate the utility of our system via experiments.
KW - Secure cloud storage
KW - access credentials misuse
KW - auditing
KW - ciphertext-policy attribute-based encryption
KW - traceability and revocation
UR - https://www.scopus.com/pages/publications/85041206227
U2 - 10.1109/TSC.2018.2791538
DO - 10.1109/TSC.2018.2791538
M3 - Article
AN - SCOPUS:85041206227
SN - 1939-1374
VL - 14
SP - 111
EP - 124
JO - IEEE Transactions on Services Computing
JF - IEEE Transactions on Services Computing
IS - 1
M1 - 8252795
ER -